similar to: Joining samba 3.6 to AD with SPN target name validation hardening

Am 14.09.2016 um 17:54 schrieb Rowland Penny via samba: > On Wed, 14 Sep 2016 10:30:03 -0500 > Michael A Weber <mweber.subscriptions01 at gmail.com> wrote: > >>> On Sep 14, 2016, at 1:38 AM, Rowland Penny via samba >>> <samba at lists.samba.org> wrote: >>> >>> On Tue, 13 Sep 2016 22:53:44 -0500 >>> Michael A Weber via samba

And reading last mails comforts me in believing the filter used by client side to retrieve user is not correct, that filter should use SPN then you won't need to set up SPN into UPN field. 2016-08-30 15:55 GMT+02:00 mathias dufresne <infractory at gmail.com>: > Hi Louis, > > > 2016-08-29 16:18 GMT+02:00 L.P.H. van Belle via samba < > samba at lists.samba.org>: >

> On Sep 14, 2016, at 1:38 AM, Rowland Penny via samba <samba at lists.samba.org> wrote: > > On Tue, 13 Sep 2016 22:53:44 -0500 > Michael A Weber via samba <samba at lists.samba.org> wrote: > >> Experts— >> >> I’m attempting to export a keytab for a created SPN on the AD DC >> machine but I’m receiving an error: >> >>

2016-08-30 16:10 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>: > On Tue, 30 Aug 2016 15:58:13 +0200 > mathias dufresne via samba <samba at lists.samba.org> wrote: > > > And reading last mails comforts me in believing the filter used by > > client side to retrieve user is not correct, that filter should use > > SPN then you won't need to

Hi everyone, samba-tool dbcheck --reindex Re-indexing... ../ldb_tdb/ldb_index.c:2352: duplicate attribute value in CN=WSTEST,OU=vm,OU=computers,OU=test,DC=ad,DC=test,DC=it for index on servicePrincipalName, duplicate of objectGUID 4c723426-73f8-4991-bf95-88eb57840c2c in @INDEX:SERVICEPRINCIPALNAME:TERMSRV/WSTEST.AD.TEST.IT Looking at the computer entry, I indeed have thoses two SPN (notice

Experts— I’m attempting to export a keytab for a created SPN on the AD DC machine but I’m receiving an error: ERROR(runtime): uncaught exception - Key table entry not found File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run return self.run(*args, **kwargs) File "/usr/lib64/python2.6/site-packages/samba/netcmd/domain.py", line 129, in

> On Sep 14, 2016, at 12:57 PM, Achim Gottinger <achim at ag-web.biz> wrote: > > > > Am 14.09.2016 um 18:23 schrieb Michael A Weber: >> >>> On Sep 14, 2016, at 10:44 AM, Achim Gottinger via samba <samba at lists.samba.org <mailto:samba at lists.samba.org>> wrote: >>> >>> >>> >>> Am 14.09.2016 um 05:53

Good afternoon. how to overcome the problem, samba creates an SPN in the format computer_name.example.com (computer name in lower case) and Windows registers as CUMPUTER_NAME.example.com (computer name in uppercase). When synchronizing in the direction of Samba, 2 SPN entries appear computer_name.example.com CUMPUTER_NAME.example.com And on the windows side, there is a replication error, since by

Hi, In samba role DC, is the issue of duplicate SPN records fixed?

Hi, I'm seeing this error on 3.0.24, 3.0.28, 3.0.32 and 3.2.6: Failed to join domain: failed to set machine spn: Constraint violation [Sanitised] First Run: net ads join createupn=HOST/FQDN@DOM.REALM.DOMAIN.COM createcomputer="OU/OU/OU/Services" -U username -d1 Enter username's password: [2008/12/11 17:02:32, 1] libnet/libnet_join.c:libnet_Join(1770) libnet_Join:

Hi Rowland, yes I'm configuring apache kafka / zookeeper, I need Kerberos authentication for the test environment and I don't have AD :) I'v two environment, the first (production), samba 4.5.1 work as intended: # samba-tool spn list z1 z1 User CN=z1,CN=Users,DC=pro,DC=lan has the following servicePrincipalName: zookeeper/node1.pro.lan # klist -k -e z1.ktab Keytab name:

Hai   After my squid group adventure, i have a remaining question here.   The problem was as followed. ( and this probely dont applie to squid kerberos helpers only. )   samba-tool setup for squid i used, was as followed.   samba-tool user create squid1-service --description="Unprivileged user for SQUID1-Proxy Services" --random-password samba-tool user setexpiry

> On Sep 14, 2016, at 10:44 AM, Achim Gottinger via samba <samba at lists.samba.org> wrote: > > > > Am 14.09.2016 um 05:53 schrieb Michael A Weber via samba: >> Experts— >> >> I’m attempting to export a keytab for a created SPN on the AD DC machine but I’m receiving an error: >> >> ERROR(runtime): uncaught exception - Key table entry not

Hello All. I am using Samba AD DC and Linux server with Squid, and I try to configure kerberos authentication for proxy server users. I need to add SPN for user and then export keytab with it to file. I am add user with RSAT and add SPN for it with samba-tool (like https://wiki.samba.org/index.php/Generating_Keytabs): -------------------- root at ad41:/# samba-tool spn list proxy proxy User

Hello again, after obtaining the keytab file I tried to use kinit keytab.file followed by the spn $ samba-tool spn list z1 z1 User CN=z1,CN=Users,DC=home,DC=lan has the following servicePrincipalName: zookeeper/ap42.home.lan $ samba-tool domain exportkeytab z1.ktab --principal=z1 $ samba-tool domain exportkeytab z1.ktab --principal=zookeeper/ap42.home.lan $ kinit -V -k -t z1.ktab

Am 16.09.2016 um 22:54 schrieb Robert Moulton via samba: > Achim Gottinger via samba wrote on 9/16/16 1:43 PM: >> >> >> Am 16.09.2016 um 22:00 schrieb Robert Moulton via samba: >>> Achim Gottinger via samba wrote on 9/15/16 1:20 AM: >>>> >>>> >>>> Am 15.09.2016 um 09:35 schrieb Rowland Penny via samba: >>>>> On Wed,

> On Sep 14, 2016, at 12:23 PM, Achim Gottinger via samba <samba at lists.samba.org> wrote: > > > > Am 14.09.2016 um 18:23 schrieb Michael A Weber: >> Question though, just for my curiosity: >> >> The encryption algorithms specified after each SPN: I see that aes-256 is listed when I export the user, but not the SPN. Are those expected, or have I done

Hello, I am trying to export keytab by following this guide: https://wiki.samba.org/index.php/Generating_Keytabs OS: CentOS 7.5 Samba: samba-dc-4.7.6-0.el7.centos.x86_64 (from Tranquil repo) Everything seems to work, but keytab is not exported (keytab file is not created). [root at ads1 /]# net ads enctypes list svc_confluence_sso 'svc_confluence_sso' uses

this is a rather critical error. Do you have a patch for version 4.6 or 4.7? В Пн, 12/03/2018 в 18:56 +1300, Andrew Bartlett via samba пишет: > On Mon, 2018-03-12 at 10:36 +0500, denis.shigapov via samba wrote: > > Good afternoon. > > how to overcome the problem, > > samba creates an SPN in the format computer_name.example.com (computer name in lower case) and Windows

Hello, I would be very grateful if anyone could help with what seems like a simple lattice task. I want to use xyplot, where the symbols for the plotted points are taken from another column in the data frame. So if the data frame looked like: a <- as.data.frame(matrix(data=c(1,1,10,2,2,20,3,3,30), nrow=3, ncol=3, byrow=TRUE)) a V1 V2 V3 1 1 1 10 2 2 2 20 3 3 3 30 you would get